MGASA-2013-0152
| Date: | May 25th, 2013 |
| Affected releases: | 2 |
| Media: | Core |
Description:
Updated python-httplib2 packages fix security vulnerability:
httplib2 only validates SSL certificates on the first request to a
connection, and doesn't report validation failures on subsequent requests
(CVE-2013-2037).
Additionally, the python3-httplib2 package has been fixed so that it will
use the system-wide Mozilla CA certificates from the rootcerts package.
Updated Packages:
i586:
python3-httplib2-0.7.4-4.mga2.noarch.rpm
python-httplib2-0.7.4-4.mga2.noarch.rpm
x86_64:
python3-httplib2-0.7.4-4.mga2.noarch.rpm
python-httplib2-0.7.4-4.mga2.noarch.rpm
SRPMS:
python-httplib2-0.7.4-4.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2037
http://lists.opensuse.org/opensuse-updates/2013-05/msg00018.html
https://bugs.mageia.org/show_bug.cgi?id=10055
